Security is an important issue within the work of the AnNa project. Much work has been done and guidance developed.
In January an Advanced Security Study – based on an questionnaire replied by 8 countries - was approved by the AnNa Project Board and Consortium meeting. This study identified relevant technical security aspects to be addressed in the implementation of the MSW’s and the MSW2MSW network and possible counter-measures to mitigate the related risks. It was approved that practical guidance on how to effectively deal with security would be developed.
Fibve reports (practical guidance’s) have been developed:
- Business Continuity Plan
- Information Classification Guide - covering the information classification and management topic. Information shall be properly handled when stored and exchanged with other authorities. The deliverable will provide the authorities with a proposal for information classification and recommendations on how to manage the information on a category basis.
- Information Security Management System requirements, Labelling and management recommendations - in order to appropriately manage information security within the system and its operation an Information Security Management System is required. Therefore the minimum set of requirements to be followed and met in order to define a proper ISMS that can meet certification requirements are provided.
- IT Security Recommendations - provide a set of guidelines and recommendations on how to configure and manage the IT system hosting the MSW system at National level in order to ensure the minimum level of security required and expected for such a system - 3th Draft ready: reaction to gianluca.vezzani@dappolonia,it
- IT Security Training Guidelines - awareness of personnel on security matters is of extreme relevance for a correct and proper management and operation of a system managing information that shall be handled in a secure way. This document will present a set of minimum recommendations to be followed in providing users the proper security training. 1st Draft ready: reaction to gianluca.vezzani@dappolonia,it
Still to come
- Compliance Tools - this tool will allow authorities to understand and self-evaluate how far they are to 100% compliance concerning the AnNa security framework recommendation and requirements. Forecast delivery date: 30 September 2015.
This is an update of the News issue of 30 June 2015